@Override public String toString() { final StringBuilder b = new StringBuilder(); b.append("[oc=").append(this.originalConstructId.getQname()); if(this.modifiedConstructId!=null) b.append(", mc=").append(this.modifiedConstructId.getQname()); b.append(", jarUrl=").append(this.jarUrl).append("]"); return b.toString(); }
@Override public String toString(){ StringBuilder sb = new StringBuilder(); sb.append(constructId.getQname()).append(":").append(repoPath); return sb.toString(); }
public int compareTo(Object _other) { if(_other instanceof ClassModification) return this.getNewConstruct().getQname().compareTo(((ClassModification)_other).getNewConstruct().getQname()); else throw new IllegalArgumentException("Expected object of type [" + ClassModification.class.getName() + "], got " + _other.getClass().getName()); } }
/** * Check if the argument is a string representing a method of my application * (meaning not of an external library). To define the domain of the application we use * the entries on which we built the graph. * @param app_entries Entry methods that we used to define the app domain. Use {@link BackendConnector#getApplicationConstructIds(MavenId)} to get them. * @param value a string representing the complete name of a method * @return a boolean value stating if value is part of the application or not */ public boolean isAnAppMethod(Set<com.sap.psr.vulas.shared.json.model.ConstructId> app_entries, String value){ // this method take as input the constructs of the app but if the inner class // constructor is modified (e.g. a$1(a)==>a$1() ) we have problems so we // can just add a workaround here. // NB: even is the name of the class contains a $ and is not an innerclass // the method result is right anyway if(value.contains("$")) value = value.substring(0, value.indexOf("$")); // this solve problems with inner classes for(com.sap.psr.vulas.shared.json.model.ConstructId entry : app_entries) if(entry.getQname().startsWith(value)) return true; return false; } }
/** * vulas-cia:/constructs()/{sha1}/{type}/{qname}/ast * @return */ public static final String constructSignature(@NotNull String _sha1, @NotNull com.sap.psr.vulas.shared.json.model.ConstructId _cid) { final StringBuilder b = new StringBuilder(); b.append(constructs()); b.append("/").append(_sha1); b.append("/").append(_cid.getType().toString()); b.append("/").append(_cid.getQname()); b.append("/ast"); return b.toString(); }
public static Set<ConstructId> filterWithRegex(Set<ConstructId> _in, String[] _qname_filter) { final Set<ConstructId> result = new HashSet<ConstructId>(); final Set<Pattern> filter = new HashSet<Pattern>(); Matcher m = null; for(String f: _qname_filter) filter.add(Pattern.compile(f)); final int count_before = _in.size(); for(ConstructId c: _in) { for(Pattern p: filter) { m = p.matcher(c.getQname()); if(m.matches()) result.add(c); } } final int count_after = result.size(); log.info("[" + (count_before-count_after) + "/" + count_before + "] items filtered"); return result; } }
public final String toString() { final StringBuilder builder = new StringBuilder(); builder.append("[").append(this.getId()).append(":").append(this.getLang()).append("|").append(this.getType()).append("|").append(this.getQname()).append("]"); return builder.toString(); }
/** * Order ChangeListConstructs using their timeStamp */ @Override public int compareTo(ConstructChange o) { if ( this.committedAt.compareTo(o.committedAt) == 0 ) { return this.constructId.getQname().compareTo(o.getConstructId().getQname()); } else { return this.committedAt.compareTo(o.committedAt); } }
public final String toString(boolean _deep) { final StringBuilder builder = new StringBuilder(); if(_deep) { builder.append("Trace").append(this.toString(false)).append(System.getProperty("line.separator")); builder.append(" app ").append(this.getApp()).append(System.getProperty("line.separator")); builder.append(" lib ").append(this.getLib()).append(System.getProperty("line.separator")); } else { builder.append("[").append(this.getId()).append(":").append(this.getConstructId().getQname()).append("]"); } return builder.toString(); } }
/** * An archive is considered to contain a security patch if all programming constructs affected by the patch * do exist in the fixed revision (unless they are not contained in the archive). * @return */ public boolean containsFix() { if(this.isFixedArchive==null) { boolean archive_fixed = true, construct_fixed; int i=0; for(ConstructId cid: this.constructFixes.keySet()) { ArchiveFixContainmentCheck.log.info(" -------- #" + String.valueOf(i++)); ArchiveFixContainmentCheck.log.info(" Checking construct [" + cid.getQname() + "]"); construct_fixed = this.constructFixes.get(cid).containsFix(); // Update counters if(construct_fixed) this.constructsFixedCount++; else this.constructsVulnerableCount++; // Update overall result archive_fixed = archive_fixed && construct_fixed; ArchiveFixContainmentCheck.log.info(" Construct [" + cid.getQname() + "] fixed: [" + construct_fixed + "]"); } this.isFixedArchive = new Boolean(archive_fixed); } return this.isFixedArchive; }
/** * Transforms an object with a given shared type (defined in vulas-share) into * an object having the corresponding core type (defined in vulas-core). * @param _cid * @return */ public static com.sap.psr.vulas.ConstructId toCoreType(com.sap.psr.vulas.shared.json.model.ConstructId _cid) { switch(_cid.getType()) { case METH: return JavaId.parseMethodQName(_cid.getQname()); case CONS: return JavaId.parseConstructorQName(_cid.getQname()); case PACK: return new JavaPackageId(_cid.getQname()); case INIT: return JavaId.parseClassInitQName(_cid.getQname()); case ENUM: return JavaId.parseEnumQName(_cid.getQname()); case CLAS: return JavaId.parseClassQName(_cid.getQname()); default: throw new IllegalArgumentException("Unknown type [" + _cid.getType() + "]"); } }
/** * Returns true if the signature creation is supported for the given {@link ConstructId}. This depends * on whether the ID's definition context can be obtained, and whether the latter is a nested class. * @param _cid */ static final boolean isSupported(ConstructId _cid, boolean _throw_exception) throws IllegalArgumentException { boolean supported = true; // Get and check the definition context of the construct whose signature we're about to create final JavaClassId class_id = (JavaClassId)JavaId.toCoreType(_cid).getDefinitionContext(); // Cannot get the def context if(class_id==null) { supported = false; if(_throw_exception) throw new IllegalArgumentException("No definition context for construct [" + _cid.getQname() + "]"); } // Nested class else if(class_id.isNestedClass()) { supported = false; JavaSignatureFactory.log.error("Nested classes are not yet supported, cannot create signature for [" + _cid.getQname() + "]"); if(_throw_exception) throw new IllegalArgumentException("Nested classes are not yet supported, cannot create signature for [" + _cid.getQname() + "]"); } return supported; }
/** * vulas-cia:/constructs()/{group}/{artifact}/{version}/{type}/{qname}/ast * @return */ public static final String constructSignature(@NotNull Application _lib, @NotNull com.sap.psr.vulas.shared.json.model.ConstructId _cid) { final StringBuilder b = new StringBuilder(); b.append(constructs()); b.append("/").append(_lib.getMvnGroup()); b.append("/").append(_lib.getArtifact()); b.append("/").append(_lib.getVersion()); b.append("/").append(_cid.getType().toString()); b.append("/").append(_cid.getQname()); b.append("/ast"); return b.toString(); }
/** * Returns true if the given {@link ConstructId} is modified. */ @JsonIgnore public boolean isBodyChanged(@NotNull ConstructId _cid) { boolean mod = false; if(_cid.getType()==ConstructType.CONS && this.modifiedConstructors!=null) { for(ClassModification m: this.modifiedConstructors) { if(m.getNewConstruct().getQname().equals(_cid.getQname()) && m.isBodyChanged()) { mod = true; break; } } } else if(_cid.getType()==ConstructType.METH && this.modifiedMethods!=null) { for(ClassModification m: this.modifiedMethods) { if(m.getNewConstruct().getQname().equals(_cid.getQname()) && m.isBodyChanged()) { mod = true; break; } } } return mod; } }
/** * check whether all entrypoints are existing in callgraph * * @throws CallgraphConstructException */ private void checkEntrypoints(boolean _policy) throws CallgraphConstructException { HashSet<com.sap.psr.vulas.shared.json.model.ConstructId> ep_diff = new HashSet<com.sap.psr.vulas.shared.json.model.ConstructId>(); com.sap.psr.vulas.shared.json.model.ConstructId cid = null; ep_diff.addAll(this.filteredEP); for (CGNode node : this.callgraph.getEntrypointNodes()) { cid = getCid(node.getMethod()); ep_diff.remove(cid); } if (_policy && (!ep_diff.isEmpty())) throw new CallgraphConstructException("Strict policy applied; terminating as there are [" + ep_diff.size() + "] entry points missing in call graph", null); if (ep_diff.size() == this.filteredEP.size()) throw new CallgraphConstructException("[0/" + ep_diff.size() + "] entry points found in call graph", null); if ((!_policy) && (!ep_diff.isEmpty())) { WalaCallgraphConstructor.log.warn("There should be [" + this.filteredEP.size() + "] entrypoints set; but [" + ep_diff.size() + "] entrypoints are missing in the call graph"); for (com.sap.psr.vulas.shared.json.model.ConstructId m : ep_diff) WalaCallgraphConstructor.log.warn(" [" + m.getQname() + "] is missing"); } else { WalaCallgraphConstructor.log.info("All [" + this.filteredEP.size() + "] entrypoints exist in the call graph"); } }
throw new IllegalStateException("Error while searching class [" + class_id.getQualifiedName() + "]: " + nfe.getMessage()); } catch (IOException ioe) { throw new IllegalStateException("Error while writing temp file for construct [" + _cid.getQname() + "]: " + ioe.getMessage());
/** * Returns a {@link ConstructId} of type {@link ConstructType#PACK} in which the given construct ID has been declared. * @param _cid * @return */ public static ConstructId getPackageOf(ConstructId _cid) { ConstructId ccid = null; if(_cid.getType()==ConstructType.PACK) ccid = _cid; else if(_cid.getType()==ConstructType.CLAS) { int idx = _cid.getQname().lastIndexOf("."); //final String ctx = _cid.getQname().substring(0, idx); if(idx==-1) ccid = null; //throw new IllegalArgumentException("Cannot determine . in qname [" + _cid.getQname() + "]"); else ccid = new ConstructId(_cid.getLang(), ConstructType.PACK, _cid.getQname().substring(0, idx)); } else if(_cid.getType()==ConstructType.INIT || _cid.getType()==ConstructType.METH) ccid = JarDiffResult.getPackageOf(JarDiffResult.getClassOf(_cid)); else if(_cid.getType()==ConstructType.CONS) ccid = JarDiffResult.getPackageOf(JarDiffResult.getClassOf(_cid)); return ccid; }